Total
254927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2129 | 1 Deltascripts | 1 Pro Publish | 2024-02-04 | 5.5 MEDIUM | N/A |
| Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php. | |||||
| CVE-2006-1010 | 1 Crossfire | 1 Crossfire | 2024-02-04 | 6.4 MEDIUM | N/A |
| Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request. | |||||
| CVE-2006-2781 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2024-02-04 | 6.4 MEDIUM | N/A |
| Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. | |||||
| CVE-2005-0196 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. | |||||
| CVE-2006-0862 | 1 Infovista | 1 Portalse | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2005-1410 | 2 Postgresql, Trustix | 2 Postgresql, Secure Linux | 2024-02-04 | 2.1 LOW | N/A |
| The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. | |||||
| CVE-2005-3190 | 1 Broadcom | 1 Igateway | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. | |||||
| CVE-2005-4339 | 1 Blackboard | 1 Academic Suite | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page. | |||||
| CVE-2006-1586 | 1 Internet Solutions Professionals | 1 Site Man | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter. | |||||
| CVE-2005-0687 | 1 Hashcash | 1 Hashcash | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header. | |||||
| CVE-2006-4064 | 1 Yenerturk | 1 Yenerturk Haber Script | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported reported that 2.0 is also affected. | |||||
| CVE-2005-3768 | 1 Symantec | 10 Enterprise Firewall, Firewall Vpn Appliance 100, Firewall Vpn Appliance 200 and 7 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2006-3676 | 1 Planet Concept | 1 Planetgallery | 2024-02-04 | 5.1 MEDIUM | N/A |
| admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types. | |||||
| CVE-2005-4164 | 1 Widgetmonkey | 1 Php-addressbook | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3069 | 1 Hylafax | 1 Hylafax | 2024-02-04 | 2.1 LOW | N/A |
| xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file. | |||||
| CVE-2006-2526 | 1 Power Place | 1 Php Easy Galerie | 2024-02-04 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | |||||
| CVE-2005-0235 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2004-2671 | 1 Endonesia | 1 Endonesia | 2024-02-04 | 5.0 MEDIUM | N/A |
| mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters. | |||||
| CVE-2005-2449 | 1 Sandbox | 1 Sandbox | 2024-02-04 | 1.2 LOW | N/A |
| Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp. | |||||